METHOD AND SYSTEM FOR ENCRYPTION



Field Of The Invention 

The present invention relates generally to information handling systems and more
particularly to encrypting communications within an information handling system.

Background Of The Invention 

The entertainment industry is involved in a continual struggle to keep movies from
being illegally copied. Unfortunately, the same technological advances that have made
distributing high quality movies easier have made high quality illegal copies easier to
produce. Of particular concern is the copying of high-bandwidth digital video content such
as DVDs. Various methods have been employed to protect the content of DVDs from being
copied illegally. One such method has been to equip DVD players with Macrovision, or a
similar copy protection system. Common copy protection systems allow a media player to
detect connections to multiple recording devices, and to scramble or otherwise alter the
video data so that quality copies cannot be made. Because of the importance of preventing
high quality copies from being made, a more secure form of copy protection, known as
Content Scrambling System (CSS), was developed. Using CSS, the content of a DVD is
encrypted, allowing the content of the DVD to be read only through the use of an encryption
key stored on the DVD and a decryption key stored on the DVD player.

The use of encryption to protect DVDs from being illegally copied has been used
much more frequently as DVD use has expanded. Many computers are being sold with
built-in DVD drives and software players. While the content of the video and audio data in
the DVD is encrypted, once the DVD player software has decoded the content, the content is
decrypted and unsecured. Video controllers can be made with stored encryption keys that
correspond to encryption keys on digital displays, allowing the content between the video
controller and the display to be encrypted; however, installing a unique set of encryption
keys during the production of the video controller hardware can be expensive. Furthermore,
no assurance can be made of the security of data between the system's software and the
video controller, within the information handling system.

Brief Description Of The Drawings 

Various objects, advantages, features and characteristics of the present invention, as 
well as methods, operation and functions of related elements of structure, and the 
combination of parts and economies of manufacture, will become apparent upon
consideration of the following description and claims with reference to the accompanying
drawings, all of which form a part of this specification, wherein like reference numerals 
designate corresponding parts in the various figures, and wherein: 

FIG. 1 is a block diagram illustrating an information handling system with an
interfaced display, featuring key components according to at least one embodiment of the
present invention;

FIG. 2 is a chart illustrating a method of authenticating secure connections between
an information handling system and a display, according to at least one embodiment of the
present invention;

FIG. 3 is a chart illustrating a method to secure communications between a software
video driver and a video controller, according to at least one embodiment of the present
invention; and



FIG. 4 is a flow chart illustrating a method of authenticating secure communications
between a video controller and a display.

Detailed Description Of The Figures



At least one embodiment of the present invention provides a method for establishing
an encrypted link between a peripheral device and a software component, as part of an
information handling system. The method comprises generating a first seed key common to
both the peripheral device and the software component. The method also includes providing
the first seed key and a public encryption key associated with the peripheral device to a
hardware controller. The method further includes generating in the hardware controller,
using the first seed key and the public encryption key, a second seed key, different from the
first seed key. The second seed key is used to encrypt communications between the
software component and the hardware controller. An advantage of at least one embodiment
of the present invention is that communications between a software component in an
information handling system and a hardware controller can be secured using encryption
unique to a software component and peripheral device combination. Another advantage of
at least one embodiment of the present invention is that by downloading encryption keys
from a network, eliminating the need to install multiple sets, or a unique set, of encryption
keys on hardware controllers, production costs of hardware controllers can be reduced.

Referring now to FIG. 1, a display is shown as part of an information handling
system containing a software component, through a video controller, according to at least
one embodiment of the present invention. Secure connections can be established between a
software component, such as video driver 123, a video controller 140, and a display 150.
Video driver 123 monitors and controls the flow of data, such as digital video disk (DVD)
data to display 150 connected to video controller 140, dependent on whether the secure
connection is maintained. In one embodiment of the present invention, display 150 is a
digital video interface (DVI) compliant display which is connected to system 110, using a
DVI interface 158 connected to a DVI connector 148. However, in at least one
embodiment, display 150 can also be another type of display, a repeater with a plurality of
displays connected to it or any other peripheral device used to transfer data.

When a DVD is being played through a DVD player connected to system 110, the
content of the DVD can be read using a DVD drive and DVD player software (not shown).
The DVD data is sent to a software component, such as video driver 123, run in memory
120 by a central processing unit (CPU) 130. Video driver 123 transmits a software public
key 126 to the connected display 150. Software public key 126 can be loaded from a basic
input/output system (BIOS) chip. Alternatively, software public key 126 and any necessary
private keys 127 can be downloaded from a network, such as the Internet 170, through a
communications interface 135. The key is sent over peripheral component interconnect
(PCI) bus 137. PCI bus 137 can also be used to communicate with other devices in system
110, such as an audio card (not shown), communications interface 135, etc. It will be
appreciated that other internal bus types may be used, such as the Video Electronic
Standards Association local bus (VLB), the industry standard architecture (ISA) bus, or the
extended ISA (EISA) bus, without departing from the spirit or scope of the present
invention.

Display 150 also transmits its public key, monitor public key 156, to video driver
123, through video controller 140. In one embodiment, video driver 123 checks monitor
public key 156 to determine if it is on a list of revoked keys. If the key has been revoked or it is
not transmitted, a value can be written into register HDCP_AUTHORIZED to indicate that
display 150 is not authorized for secure communications. If the device connected to DVI
connector 148 is a repeater (not shown) connected to a plurality of displays, the key of each
display is preferably monitored to ensure that they are all authorized for secure
communications.

When video driver 123 receives monitor public key 156, it uses that key to select
from private keys 127, as is described subsequently in FIG. 2. The chosen private keys are
then added together. This summation generates a secret seed key, Km, which can be used
for authentication and encryption. Video driver 123 sends the value of Km to video
controller 140, where it is stored in registers HDCP_DATA_UPPER 144 and
HDCP_DATA_LOWER 146. A manipulation of Km, such as through an orthogonal
transformation, is performed to generate another value, R0. In one embodiment, Km is
loaded into a linear feedback shift register (LFSR) and a known number of clock cycles is
applied to the LFSR. Select bits output from the LFSR are used to generate R0. R0 can be
stored in memory 120, or in a temporary register, such as register 141.

When display 150 receives software public key 126, it uses that key to select from
private keys 157. The chosen private keys are added together to generate a secret seed key,
Km', which can be used for authentication. Manipulation is performed on Km', as was
discussed for generating R0 from Km, to generate a value R0'. Display 150 transmits the R0'
value to video controller 140.

Video controller 140, under the control of processing circuit 145, can compare the
stored R0 and R0' values. If display 150 is an authorized display, Km and Km' should be the
same value and R0 and R0' should be equal. If the values are not equal, video controller 140
can terminate communications, continue trying to find an authorized connection, or simply
notify video driver 123 of the unauthenticated condition. If R0 and R0' are equal, display
150 is considered authenticated, and a value is written to register HDCP_CONTROL 142 to
indicate that authentication is complete. Once the display is authenticated, video controller
140 is left to handle authentications of the secure connection with display 150. If display
150 is removed or another display is connected, it is the job of video controller 140 to notify
video driver 123 so that software can update communications status accordingly, and take
any necessary actions, such as terminating communications with display 150.
Authentication, encryption, and other functions performed by video controller 140 can be
performed using processing circuit 145. In one embodiment, processing circuit 145 is a
hardware circuit, or collection of circuits, dedicated to encrypting and decrypting
information, while in other embodiments, processing circuit 145 is a microcontroller or
other processor that is used in conjunction with appropriate software to perform a wide
variety of functions on video controller 140.

Communication along PCI bus 137, between video driver 123 and video controller
140 is preferably encrypted. In one embodiment, the value of Km (supplied by video driver
123) is combined with the value of monitor public key 156 by rearranging the bits of the
combined value in a predefined ordering. The combination can be performed using a simple
summation. The combination of the values of Km and monitor public key 156 can be used
to generate an encryption key, herein referred to as the PCI key. Video controller 140 and
video driver 123 can encode transmissions between each other on PCI bus 137 through a
mathematical transformation, such as an orthogonal transform involving the PCI key. In
one embodiment, an exclusive OR (XOR) calculation is performed between the data to be
transmitted and the PCI key to encode transmissions. Since both video controller 140 and
video driver 123 have knowledge of the PCI key, data between them can be encoded,
transferred, and decoded.

Communication of non-video data between display 150 and video controller 140 is
handled through DVI connector 148 and DVI interface 158 using an I2C compliant display
data channel (DDC) line. It will be appreciated that other suitable communication protocols
and corresponding hardware may be used according to the objectives of the present
invention.



Since communication of control values between video controller 140 and display 150 is not
encrypted in any form, an orthogonal transform can be used to encrypt communications between
video driver 123 and video controller 140, using a dynamic encryption key. In at least one
embodiment, the original key used for orthogonal encryption is the PCI key. If orthogonal
encryption with a dynamic key is implemented, the PCI key can be altered periodically by
applying a predetermined transform or a suitable mathematical algorithm to the value of the
PCI key. For example, once data is decoded, a new encryption key can be generated using a
combination of the value of Km with the decoded data. Using a dynamic encryption key,
the communicating devices, such as video driver 123 and video controller 140, or display
150 and video controller 140, alter the encryption keys to provide added security.
Alternatively, the function used for the orthogonal encryption can be dynamically altered to
change the encryption scheme.

In one embodiment of the present invention, after an orthogonal encrypted link has
been established on PCI bus 137, video driver 123 can send software public key 126 and an
encrypted private decryption key, downloaded from the Internet 170, to video controller
140, through PCI bus 137. Monitor public key 156 can also be sent to video controller 140,
through DVI connector 148, by display 150. After receiving all the necessary encryption
and decryption keys, video controller 140 can use the encryption keys to implement public
key encryption. Keys associated with video controller 140 can also be downloaded from a
network, such as the Internet, to initiate public key encryption between video driver 123 and
video controller 140.

Referring now to FIG. 2, a diagram is shown illustrating the steps taken during the
authentication of a display. When initiating communications with a display, a video driver
can initiate and execute the steps described in FIG. 2 to ensure that the display is authorized
for secure communications.

In step 210 an information handling system transmits a public key associated with its
video driver, to a connected display. The public key will be referred to as key selector
vector-A (AKSV). In step 235, AKSV is retrieved by the connected display. In step 240,
the connected display uses the placement of binary 1's in AKSV to choose a subset of
private keys from a stored collection of private keys located in the display. For example, if
the location of 1's in AKSV are in the 0th, 4th, and 5th bit locations, as in the hexadecimal
value 0x31 (110001 in binary), the display would choose the 0th, 4th, and 5th private keys
stored in an indexed array in the display. In one embodiment, AKSV is a 40-bit value with
20 1's and 20 0's, allowing the display to select 20 56-bit private keys. It will be
appreciated that the size of the keys used can be altered without departing from the scope of
the invention. The selected private keys are preferably summed together, generating a
secret seed key, Km'. In step 245, the lower Km' value is manipulated to form another
16-bit value R0'. In step 270, R0' is transmitted to the information handling system. R0' can be
encoded before being transmitted to the information handling system, such as through an
orthogonal transform with the display's public key or the calculated seed key, Km'. In
another embodiment, R0' would not need to be encoded.

The connected display also transmits its public key, as in step 230. The display's
public key will be referred to as the key selector vector-B (BKSV). In step 215, the
information handling system retrieves BKSV. In step 220, the information handling system
employs similar steps as the display's step 240 to calculate a secret seed key. The
information handling system uses the connected display's public key, BKSV, to choose
among its stored private keys. The information handling system chooses its private keys
dependent on the locations of 1's in the binary value of BKSV. For example, if the location
of 1's in BKSV are in the 0th, 2nd, and 4th bit locations, as in the hexadecimal value 0x15
(10101 in binary), the display would choose the 0th, 2nd, and 4th private keys stored in an
indexed array in the information handling system. BKSV can be a 40-bit value with 20 1's
and 20 0's, allowing the display to select 20 private keys. The selected private keys are
preferably summed together, generating a secret seed key, Km. In step 225, the information
handling system generates a 16-bit value, R0, through an orthogonal transformation of Km.
In one embodiment of the present invention, the sets of encryption keys associated with the
information handling system are downloaded from a network, such as the Internet.

In step 280, the information handling system receives R0' from the display. The R0'
is transmitted to the video controller 140. If R0' is encrypted or encoded, the information
handling system can follow any necessary steps to decrypt or decode R0'. In step 290, the
stored R0 (taken from the seed key Km transmitted by the video driver) is compared to the
received R0', in the information handling system. If the connected display is an authorized
display and the private keys and the public key are authorized, the calculated seed values,
Km and Km', should be equal. For example, in the described embodiment, if the 0th, 2nd,
and 4th private keys of the video driver were hexadecimal values 0x23, 0xA2, and 0x30,
respectively, the value of Km would be 0x23 + 0xA2 + 0x30, or 0xF5. If the display were
an authorized display with 0th, 4th, and 5th private keys having hexadecimal values of 0x21,
0x31, and 0xA3, respectively, Km' would equal 0x21 + 0x31 + 0xA3, or 0xF5. Thus, if the
connected display is authorized, the calculations of Km and Km' should result in equal
values.

Once the video controller compares the value of R0' to R0, video controller 140
(FIG. 1) provides video driver 123 (FIG. 1) with the results of the comparison. If Km and
Km' are equal, R0 and R0' should also be equal. If R0 and R0' are not equal, the connected
display is considered unauthorized and the video driver preferably does not send video data
to the connected display; however, if R0 and R0' are equal, the video driver considers the
display authorized and allows the video data to be transmitted to the display. Alternatively,
if no data is received by the information handling system, as in steps 215 and 280, the
connected device is automatically considered unauthorized. In a preferred embodiment, a
software video driver performs most of the authorization in the information handling
system. Once the display is considered authorized, the video driver turns over further
authentication to a hardware video controller, allowing the software and other system
resources to be freed for other tasks.
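
The FIG. 2 exchange can be traced in code. The following Python sketch is an added example, not part of the application: it treats the worked-example vectors 0x31 and 0x15 as 6-bit key selector vectors, truncates key sums to 56 bits, adds a format check on BKSV, and stands in a hypothetical LFSR (taps and clock count chosen here) for the R0 derivation, whose parameters the text does not give.

```python
"""FIG. 2 walk-through: KSV-selected key sums and the R0 / R0' comparison."""
from collections import namedtuple

KEY_MASK = (1 << 56) - 1   # 56-bit private keys; truncating the sum is an assumption
AuthResult = namedtuple("AuthResult", "authorized reason")


def ksv_well_formed(ksv, ksv_bits=40):
    """A key selector vector holds as many 1 bits as 0 bits (20/20 for 40 bits)."""
    return 0 <= ksv < (1 << ksv_bits) and bin(ksv).count("1") == ksv_bits // 2


def seed_key(peer_ksv, private_keys):
    """Steps 220/240: sum the private keys indexed by the 1 bits of the peer's KSV."""
    total = 0
    for index, key in enumerate(private_keys):
        if (peer_ksv >> index) & 1:
            total = (total + key) & KEY_MASK
    return total


def derive_r0(km, clocks=64):
    """Steps 225/245: load Km into an LFSR, clock it, keep the last 16 output bits.

    Hypothetical 56-bit LFSR (taps 55, 54, 52, 49), not the cipher of any product.
    """
    state, r0 = km & KEY_MASK, 0
    for _ in range(clocks):
        bit = ((state >> 55) ^ (state >> 54) ^ (state >> 52) ^ (state >> 49)) & 1
        state = ((state << 1) | bit) & KEY_MASK
        r0 = ((r0 << 1) | bit) & 0xFFFF
    return r0


def display_respond(aksv, display_keys):
    """Display side, steps 235-270: compute Km' from AKSV and return R0'."""
    return derive_r0(seed_key(aksv, display_keys))


def authenticate_display(bksv, r0_prime, driver_keys, revoked=(), ksv_bits=40):
    """Host side, steps 215-290, covering the failure cases the text lists."""
    if bksv is None or r0_prime is None:
        return AuthResult(False, "nothing received from the display")
    if not ksv_well_formed(bksv, ksv_bits):      # added check, an assumption
        return AuthResult(False, "malformed BKSV")
    if bksv in revoked:
        return AuthResult(False, "BKSV is on the revocation list")
    if derive_r0(seed_key(bksv, driver_keys)) != r0_prime:
        return AuthResult(False, "R0 and R0' differ")
    return AuthResult(True, "R0 equals R0'")


# Selected slots come from the worked example in the text; the rest is constructed filler.
AKSV, BKSV = 0x31, 0x15
DRIVER_KEYS = [0x23, 0x11, 0xA2, 0x12, 0x30, 0x13]    # slots 0, 2, 4 from the text
DISPLAY_KEYS = [0x21, 0x14, 0x15, 0x16, 0x31, 0xA3]   # slots 0, 4, 5 from the text
ROGUE_KEYS = [0x21, 0x14, 0x15, 0x16, 0x31, 0xA2]     # constructed: one key off by one

if __name__ == "__main__":
    for name, keys in (("genuine", DISPLAY_KEYS), ("rogue", ROGUE_KEYS)):
        r0_prime = display_respond(AKSV, keys)
        print(name, authenticate_display(BKSV, r0_prime, DRIVER_KEYS, ksv_bits=6))
    r0_prime = display_respond(AKSV, DISPLAY_KEYS)
    print("revoked", authenticate_display(BKSV, r0_prime, DRIVER_KEYS, {BKSV}, 6))
    print("silent", authenticate_display(None, None, DRIVER_KEYS, ksv_bits=6))
```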

Referring now to FIG. 3, a diagram of the steps used to perform secured connections
between a software video driver and a hardware video controller is shown, according to
one embodiment of the present invention. Communication between the video driver and the 
video controller is preferably encoded with a secret key. 

In step 310, the video driver generates a secret key, hereinafter referred to as the PCI 
key, for encoding communications over the PCI bus. The video driver combines the secret 
seed key, Km, with a display's public key, key selection vector-B (BKSV). The video
driver can generate the PCI key by concatenating the Km and BKSV values and rearranging 
the ordering of bits in a predefined ordering. Alternatively, the video driver can perform 
other functions, such as multiplication or another suitable transform, to generate the PCI key 
from Km and BKSV. In step 320, the video driver transmits the PCI key to the video 
controller over the peripheral component interconnect (PCI) bus. In step 330, the video 
controller receives the PCI key from the video driver, through the PCI bus. In step 340, the 
video controller uses the PCI key to encode and decode messages sent to and from the video 
driver. In step 350, the video driver also uses the PCI key to encode and decode messages 
to and from the video driver. The PCI key can be dynamic. Both the video driver and the 
video controller use an orthogonal transform with the PCI seed to encode their messages 
over the PCI bus. In one embodiment of the present invention, after an encrypted link is 
established over the PCI bus, the software video driver can securely transfer sets of 
encryption keys and a private decryption key, downloaded from a network, to establish 
public key communications with display 150. 
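
The PCI-bus encoding of FIG. 3, together with the dynamic-key variant described earlier for FIG. 1, as an added Python example that is not part of the application. The bit ordering, the repeating-key XOR over bytes and the key-update rule are hypothetical choices, since the text names these operations without fixing their parameters; the sample messages are constructed. It also shows what the dynamic key changes: with a fixed key, repeated data produces repeated encoded output.

```python
"""FIG. 3 walk-through: PCI key from Km and BKSV, XOR encoding, dynamic key update."""

KM_BITS, KSV_BITS = 56, 40
KEY_BITS = KM_BITS + KSV_BITS          # Km concatenated with BKSV
KEY_BYTES = KEY_BITS // 8
# Hypothetical "predefined ordering": output bit i is copied from input bit ORDER[i].
# 37 is coprime to 96, so every input bit is used exactly once.
ORDER = [(37 * i + 11) % KEY_BITS for i in range(KEY_BITS)]

KM, BKSV = 0xF5, 0x15                  # values from the worked example in the text


def rearrange(value):
    """Apply the fixed bit ordering to a KEY_BITS-wide value."""
    out = 0
    for out_bit, in_bit in enumerate(ORDER):
        out |= ((value >> in_bit) & 1) << out_bit
    return out


def make_pci_key(km, bksv):
    """Step 310: concatenate Km and BKSV, then rearrange the bits."""
    km &= (1 << KM_BITS) - 1
    bksv &= (1 << KSV_BITS) - 1
    return rearrange((km << KSV_BITS) | bksv)


def xor_with_key(data, key):
    """XOR encoding; the same call decodes. The key repeats every KEY_BYTES bytes."""
    stream = key.to_bytes(KEY_BYTES, "big")
    return bytes(b ^ stream[i % KEY_BYTES] for i, b in enumerate(data))


class PciEndpoint:
    """One end of the link (video driver or video controller)."""

    def __init__(self, km, bksv, dynamic=True):
        self.km, self.dynamic = km, dynamic
        self.key = make_pci_key(km, bksv)

    def _update_key(self, plaintext):
        # Dynamic key: combine Km with the decoded data (combination rule assumed here).
        if self.dynamic:
            mixed = self.key + self.km + int.from_bytes(plaintext, "big")
            self.key = rearrange(mixed % (1 << KEY_BITS))

    def send(self, plaintext):
        encoded = xor_with_key(plaintext, self.key)
        self._update_key(plaintext)
        return encoded

    def receive(self, encoded):
        plaintext = xor_with_key(encoded, self.key)
        self._update_key(plaintext)
        return plaintext


def demo():
    message = b"constructed register write"          # constructed sample payload
    fixed = PciEndpoint(KM, BKSV, dynamic=False)
    repeats_with_fixed_key = fixed.send(message) == fixed.send(message)

    driver, controller = PciEndpoint(KM, BKSV), PciEndpoint(KM, BKSV)
    first, second = driver.send(message), driver.send(message)
    decoded = [controller.receive(first), controller.receive(second)]
    return repeats_with_fixed_key, first == second, decoded


if __name__ == "__main__":
    print(demo())
```

Both ends update the key from the same decoded data, so a lost or altered message leaves the two keys out of step until the link is re-established.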

Referring now to FIG. 4, a flow chart illustrating authentication between a video
controller and a display is shown, according to one embodiment of the present invention.
Communication between the video controller and a display is performed to continually
verify the security of authenticated devices connected to the video controller.

In step 420, the display transmits R0' to the video controller. In one embodiment, the
display transmits the R0' once for every 128 frames displayed. The transmission is
preferably sent over the digital data channel (DDC) line on the video controller's digital
video interface (DVI) connector, using I2C protocols. In another embodiment, the display
can encode R0' by performing a transform using the display's public key. Alternatively, the
display can perform the transform using its calculated seed key, Km'. In addition, other
methods can be performed to encode R0' without departing from the scope of the present
invention.

In step 430, the video controller receives R0' through the DDC line. In step 450, the
video controller compares the received R0' to the stored R0, taken from the seed key (Km),
sent by the video driver. It will be appreciated that step 450 can be performed by the video
driver in place of the video controller. If R0' is not equal to R0, the display is either not an
authorized display, the connection to the display has been terminated, or another display has
been connected. In step 470, if R0' is not equal to R0, the video driver is informed of the
insecure connection. The video controller can then send the video data to the display
unencrypted, allowing it to be displayed, or the video driver can disable the video
transmission to the video controller, only allowing secured displays to be used. Devices
other than displays can be connected to the video controller. Alternatively, a repeater can be
connected to the video controller. A repeater can be used to transmit video to a plurality of
displays. If a repeater is used, the repeater preferably transmits key selector vectors from
each of the plurality of displays to the video controller for authentication.

The preceding descriptions have shown embodiments of the present invention used
to authenticate secure communications between an information handling system with a
video controller and a single connected display. Authentication described herein can be
performed with other types of connected devices. The present invention can also be
performed to securely communicate with a plurality of connected displays, such as through
an authorized video repeater with a plurality of connected devices. An embodiment of the
present invention can also be implemented in systems other than computers, and can be used
to control the transmission of digital data other than video data. For example, at least one
embodiment of the present invention could be implemented in a compact disc (CD) player,
or in other devices that might benefit from encrypted information transfer. It should now
be appreciated by those skilled in the art that the present invention has the advantage that
increased security can be achieved by providing for authentication between a software
driver and a hardware controller. Another advantage, of at least one embodiment of the
present invention, is that encryption can be performed based on an encryption key unique to
the software driver and peripheral device combination.

In the preceding detailed description of the preferred embodiments, reference has
been made to the accompanying drawings, which form a part thereof, and in which is shown
by way of illustration specific preferred embodiments in which the invention may be
practiced. These embodiments are described in sufficient detail to enable those skilled in
the art to practice the invention, and it is to be understood that other embodiments may be
utilized and that logical, mechanical, chemical and electrical changes may be made without
departing from the spirit or scope of the invention. To avoid detail not necessary to enable
those skilled in the art to practice the invention, the description may omit certain
information known to those skilled in the art. Furthermore, many other varied embodiments
that incorporate the teachings of the invention may be easily constructed by those skilled in
the art. Accordingly, the present invention is not intended to be limited to the specific form
set forth herein, but on the contrary, it is intended to cover such alternatives, modifications,
and equivalents, as can be reasonably included within the spirit and scope of the invention.
The preceding detailed description is, therefore, not to be taken in a limiting sense, and the
scope of the present invention is defined only by the appended claims.






ATI000092 



PATENT APPLICATION 



WHAT IS CLAIMED IS: 



1. A method comprising:
establishing an encrypted link between a peripheral device and a software component of
    an information handling system, wherein establishing the encrypted link includes
    generating a first seed key common to both the peripheral device and the
    software component;
providing the first seed key and a public encryption key associated with the peripheral
    device to a hardware controller; and
generating in the hardware controller, using the first seed key and the public encryption
    key, a second seed key different from the first seed key, the second seed key to
    encrypt communications between the software component and the hardware
    controller.

2. The method as in Claim 1, wherein generating the first seed key is performed by the
    software component.

3. The method as in Claim 2, wherein generating the first seed key includes:
using the public encryption key associated with the peripheral device to select a plurality
    of private encryption keys associated with the software component; and
determining the seed key based upon the selected private keys associated with the
    software component.

4. The method as in Claim 1, wherein generating the first seed key is performed by the
    peripheral device.

5. The method as in Claim 4, wherein generating the first seed key includes:
using the public encryption key associated with the software component to select from a
    plurality of private encryption keys associated with the peripheral device; and
summing the select private keys associated with the peripheral device.

6. The method as in Claim 1, wherein establishing an encrypted link includes performing
    orthogonal encryption of data transmitted to and from the hardware controller.

7. The method as in Claim 6, further including:
providing the public encryption key associated with the peripheral device and a private
    decryption key, associated with the software component, to the hardware
    component; and
providing public key encryption between the hardware controller and the
    peripheral device.

8. The method as in Claim 6, wherein the orthogonal encryption is performed using an
    orthogonal encryption key, wherein the orthogonal encryption key is capable of changing
    dynamically.

9. The method as in Claim 6, wherein the orthogonal encryption is performed using an
    orthogonal transform function, wherein the orthogonal transform function is capable
    of changing dynamically.

10. The method as in Claim 1, wherein the hardware controller is a video controller.

11. The method as in Claim 1, wherein the peripheral device is a display device.

12. The method as in Claim 1, wherein the step of establishing further includes the first
    seed key being based upon the peripheral device and the information handling system.

13. The method as in Claim 12, wherein the first seed key is unique to the peripheral device
    and the information handling system.

14. A hardware controller comprising:
a bus connection to receive a first seed key from a software component within an
    information handling system;
a digital communications connector to connect to a peripheral device and to receive
    a public encryption key from said peripheral device;
a first set of registers to store said first seed key, said first seed key common to both
    said information handling system and said peripheral device;
a second register to store said public encryption key; and
a processing circuit to generate, using said first seed key and said public
    encryption key, a second seed key different from said first seed key, said second
    seed key to encrypt communications between said software component and said
    hardware controller.

15. The hardware controller as in Claim 14, wherein said information handling
    system generates said first key and wherein generation of said first key includes:
using said public encryption key to select a plurality of private encryption keys; and
combining said selected private encryption keys.

16. The hardware controller as in Claim 14, wherein communications between said
    hardware controller and said information handling system are performed
    over a system bus.

17. The hardware controller as in Claim 16, wherein said system bus is a Peripheral
    Component Interconnect bus.

18. The hardware controller as in Claim 14, wherein said digital communications
    connector is a Digital Video Interface connector.

19. The hardware controller as in Claim 14, wherein said hardware controller is a video
    controller.

20. The hardware controller as in Claim 14, wherein said peripheral device is a display
    device.

21. The hardware controller as in Claim 14, wherein encryption is performed using an
    orthogonal transform.

22. The hardware controller as in Claim 21, wherein the orthogonal transform is
    performed using an orthogonal encryption key, said orthogonal encryption key
    capable of changing dynamically.

23. The hardware controller as in Claim 21, wherein the orthogonal transform is
    performed using an orthogonal transform function, said orthogonal transform
    function capable of changing dynamically.

24. A system comprising:
a processor coupled to a system bus;
memory coupled to said system bus for use by said processor;
a collection of instructions to be stored in said memory and executed by said
    processor, said collection of instructions including instructions to establish an
    encrypted link between said system and a peripheral device, wherein establishing
    said encrypted link includes generating a first seed key common to both said
    peripheral device and said system, said collection of instructions further
    including instructions to deliver said first seed key to a peripheral controller; and
a peripheral controller including a bus connection to receive said first seed key;
a digital communications link to connect to said peripheral device and to receive a
    public encryption key from said peripheral device;
a first set of registers to store said first seed key;
a second register to store said public encryption key; and
a processing circuit to generate, using said first seed key and said public encryption
    key, a second seed key different from said first seed key, said second seed key
    to encrypt communications between said system and said peripheral controller.

25. The system as in Claim 24, wherein said memory includes random access memory and
    read-only memory.

26. The system as in Claim 24, wherein generating a first seed includes:
using said public encryption key to select a plurality of private encryption keys; and
combining said selected private encryption keys.

27. The system as in Claim 26, wherein said public encryption key and said plurality of
    private encryption keys are located in said memory.

28. The system as in Claim 24, wherein said system bus is a Peripheral Component
    Interconnect bus.

29. The system as in Claim 24, wherein said digital communications link is a Digital Video
    Interface connector.

30. The system as in Claim 24, wherein said peripheral controller is a video controller.

31. The system as in Claim 24, wherein said peripheral device is a display device.

32. The system as in Claim 24, wherein encryption is performed using an orthogonal

2 transformation. 

1 33. The system as in Claim 32, wherein the orthogonal transform is performed using an 

2 orthogonal encryption key, said orthogonal encryption key capable of changing 

3 dynamically. 

1 34. The system as in Claim 32, wherein the orthogonal transform is performed using an 

2 orthogonal transform function, said orthogonal transform function capable of changing 

3 dynamically. 

1 35. The system as in Claim 24, wherein the digital communications link is to receive a 

2 public encryption key from said peripheral device and to transmit encrypted digital data 

3 to said peripheral device. 
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METHOD AND SYSTEM FOR ENCRYPTION 

Abstract Of The Disclosure 

A method and systems are provided for creating an authentication of secure 
communications between a software video driver and a video display. A video driver 
transmitting digital video data deemed high-bandwidth digital content, to a display, can 
perform authentication to determine if a secure connection has been established with a 
display. The video driver and the display both generate secret keys which are compared to 
ensure that the display used is authorized for secure communications. The video driver, 
communicating with a hardware video controller over a peripheral component interconnect 
(PCI) bus, can establish an encrypted link with the video driver. The video driver 
occasionally monitors the display to determine if a secure communications link is upheld. If 
the connection is determined at any time to be insecure, the video controller can alert the 
video driver, so that transmission of the video data can be terminated. 
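
The key generation recited in Claims 15 and 26 (a public key selects private keys, which are then combined) and the key comparison described in the abstract, worked through in Python. This is an added example, not code from the patent: the 40 private keys of 56 bits each, the one-bit-per-key selection, addition modulo 2^56 as the combining step, the symmetric master matrix held by a key-issuing authority, and all function names are assumptions.

```python
import secrets

N_KEYS = 40                  # assumed: private keys held by each device
KEY_BITS = 56                # assumed: width of each private key
MASK = (1 << KEY_BITS) - 1

def make_authority(n=N_KEYS):
    """Constructed key-issuing authority: a secret symmetric n x n matrix."""
    m = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i, n):
            m[i][j] = m[j][i] = secrets.randbits(KEY_BITS)
    return m

def make_public_key(n=N_KEYS):
    """Public key: an n-bit selector with exactly n/2 bits set (assumed format)."""
    ones = set(secrets.SystemRandom().sample(range(n), n // 2))
    return [1 if i in ones else 0 for i in range(n)]

def issue_private_keys(master, public_key):
    """The authority derives a device's private keys from its public key."""
    return [sum(row[j] for j, bit in enumerate(public_key) if bit) & MASK
            for row in master]

def first_seed_key(private_keys, peer_public_key):
    """Select own private keys with the peer's public key, then combine them."""
    selected = [k for k, bit in zip(private_keys, peer_public_key) if bit]
    return sum(selected) & MASK

def authenticate(driver_keys, driver_pub, display_keys, display_pub):
    """Each side derives a key from the other's public key; a match authorizes."""
    k_driver = first_seed_key(driver_keys, display_pub)
    k_display = first_seed_key(display_keys, driver_pub)
    return k_driver == k_display

def demo():
    master = make_authority()
    drv_pub, dsp_pub = make_public_key(), make_public_key()
    drv_keys = issue_private_keys(master, drv_pub)
    dsp_keys = issue_private_keys(master, dsp_pub)
    # Unauthorized display: plausible public key, self-made private keys.
    rogue_keys = [secrets.randbits(KEY_BITS) for _ in range(N_KEYS)]
    return (authenticate(drv_keys, drv_pub, dsp_keys, dsp_pub),
            authenticate(drv_keys, drv_pub, rogue_keys, dsp_pub))

if __name__ == "__main__":
    print(demo())
```

Both sides reach the same value only because the assumed master matrix is symmetric; a display whose private keys were not issued from it fails the comparison, which is the condition under which the abstract has transmission terminated.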
RULES 63 AND 67 (37 C.F.R. 1.63 and 1.67)
DECLARATION AND POWER OF ATTORNEY

FOR UTILITY/DESIGN/CIP/PCT NATIONAL APPLICATIONS

As a below named inventor, I hereby declare that:

My residence, post office address and citizenship are as stated below next to my
name; and

I believe that I am the original, first and sole inventor (if only one name is listed
below) or an original, first and joint inventor (if plural names are listed below) of the
subject matter which is claimed and for which a patent is sought on the invention entitled:
METHOD AND SYSTEM FOR ENCRYPTION, the specification of which:
(mark only one)

X (a) is attached hereto.
  (b) was filed on XXXXXXXX as Application Serial No. XXXXXXXXXX and was amended on ________ (if applicable)
  (c) was filed as PCT International Application No. ________ on ________ and was amended on ________ (if applicable).
  (d) was filed on ________ as Application Serial No. ________ and was issued a Notice of Allowance on ________.
  (e) was filed on ________ and bearing attorney docket number ________.

I hereby state that I have reviewed and understand the contents of the above 
identified specification, including the claims as amended by any amendment referred to 
above or as allowed as indicated above. 

I acknowledge the duty to disclose all information known to me to be material to the
patentability of this application as defined in 37 CFR § 1.56. If this is a continuation-in-part
(CIP) application, insofar as the subject matter of each of the claims of this application
is not disclosed in the prior United States application in the manner provided by the first
paragraph of 35 U.S.C. § 112, I acknowledge the duty to disclose to the Office all
information known to me to be material to patentability of the application as defined in 37
CFR § 1.56 which became available between the filing date of the prior application and the
national or PCT international filing date of this CIP application.

I hereby claim foreign priority benefits under 35 U.S.C. § 119/365 of any foreign
application(s) for patent or inventor's certificate listed below and have also identified below
any foreign application for patent or inventor's certificate filed by me or my assignee
disclosing the subject matter claimed in this application and having a filing date (1) before
that of the application on which my priority is claimed or, (2) if no priority is claimed,
before the filing date of this application:

PRIOR FOREIGN PATENTS

Number    Country    Month/Day/Year Filed    Date first laid-open or Published    Date patented or Granted    Priority Claimed (Yes/No)

I hereby claim the benefit under 35 U.S.C. § 120/365 of any United States 
application(s) listed below and PCT international applications listed above or below: 


PRIOR U.S. OR PCT APPLICATIONS

Application No. (series code/serial no.)    Month/Day/Year Filed    Status (pending, abandoned, patented)
xxxxxxxx    xxxxxxxx    xxxxxxx

I hereby appoint Sally Daub, Reg. No. 41,478, and J. Gustav Larson, Reg. No. 
39,263 as my attorneys and/or agents, with full power of substitution and revocation, to 
prosecute this application, provisionals thereof, continuations, continuations-in-part, 
divisionals, appeals, reissues, substitutions, and extensions thereof and to transact all 
business in the United States Patent and Trademark Office connected therewith. 

Please address all correspondence and direct all telephone calls to:

J. Gustav Larson
Simon, Fakhoury, Tangalos, Frantz & Galasso, PLC
P.O. Box 26503
Austin, Texas 78755-0503
Telephone: (512) 372-8240
Facsimile: (512) 372-8247

I hereby declare that all statements made herein of my own knowledge are true and
that all statements made on information and belief are believed to be true; and further that
these statements were made with the knowledge that willful false statements and the like so
made are punishable by fine or imprisonment, or both, under Section 1001 of Title 18 of
the United States Code, and that such willful false statements may jeopardize the validity of
the application or any patent issued thereon.


NAMED INVENTOR(S)

Full Name: Stephen A. Bagshaw
Residence (city, state, country): 90 Kirk Drive, Thornhill, Ontario L3T 3L2, Canada
Citizenship: Canada
Post Office Address (include zip code): Same as Residence Address

(FOR ADDITIONAL INVENTORS, check here and add additional sheet for inventor
information regarding signature, name, date, citizenship, residence and address)